I actually came up with another way of fixing the redirection to our page by using the BIND DNS server.
Wow, lol, you're very fast with these updates (#109). To get rid of that, I just made a script to auto-run "command -u" before the script starts.
But anyway, looks like I got some progress today after installing the new kernel. I got infected (vnc:mode), but I'm having "time out" issues. I changed the MTU to 1800 from the default value and ran it again and it timed out at uploading the .rb script.
Any further suggestions.. ?
Until then I'll keep trying different scenarios.. C ya later.
Wiffy-Auto-Cracker - was the best thing that ever happen to me. :) Wo0oT :)
AWUSO36H_500mW_5dBi Antenna
Having an issue with 109 and rtl8187 drivers - no internet access in -m normal -v (worked in 104).
Found a workaround in 109 that also speeds up internet access speed to almost transparent -
rmmod rtl8187
modprobe r8187
kate fakeAP_pwn.sh - change "mon0" to "wlan1" (if you have 2 cards, else this won't work - also, IP must be through eth0) - there are 2 instances of "mon0" in the script, change them both.
The script is error checking for multiples of wlan0 and wlan1 and will error out when found - is there an easy way to change this behavior when using the r8187 drivers as they don't spawn a "mon" interface? i.e. wlan0 for IP and wlan1 for AP?
Thanks for the cool new toy to play with :-)
Casca
I've been playing with this for a bit now and it took about a day to realize the drivers were damaged in my "victim" comp. I changed cards and tried another computer and it works fine on both.
Now I'm trying to turn off the running WWW page and run my own stuff.
Is it wrong to do this to someone connecting to me? My neighbor has been poking at my AP. I know who's doing it but i don't want him to know yet. bastard.
Thanks again for the learning experience g0tmi1k. I learned a lot watching this progress.
Yes, I've got the time at the mo to update it (and reply to threads). I have been thinking about adding an "auto-update" feature, but the only problem is, I keep messing about with the "internals/framework". I do my best to test as much as I can, but more often than not, there's a few errors/bugs - breaking people's builds. If you want to run that risk, keep on using your script.
I don't think (and someone else did too), that the MTU value isn't working. It's on the todo/tofix list.
I think the issue is that the DNS isn't updating (someone else has reported this as well)
Does "normal" mode work? I think it's when it changes over from "forced" to "normal", each mode works ("non" and "normal"), but it can't change from one to the other ("transparent").
Could you also "try transparent" mode, become infected, when it times out, just disconnect and reconnect to the AP, does it then work?
I'll get in touch with you about this (=
A lot has changed from 104 to 109.. I'll try "normal" out in my lab when I next can, and see what's what.
Thanks for pointing out the speed up tips. I'll give it a try as well, and add it in for the next release I do.
Yes the default will not work with everyone's hardware, and the monitor interface may be different (just like it is for you!) You can either edit the file or you can add "-t wlan1" each time.
I've taken out one "mon0" that shouldn't have been there for the next release I do.
I've tried to use variables instead of "wlan0, wlan1, mon0", therefore it doesn't matter what they are called, it still should check them the same way.
If it's not working for you - could you say what line number (and what build) you are using?
Thanks for the thanks & feedback!
Last edited by g0tmi1k; 09-18-2010 at 09:54 AM.
Have you...g0tmi1k?
Ok, this time I tested with a whole separate computer in the other room.
-Windows XP SP3
Everything is working on transparent mode except:
1.Internet doesn't work, it just returns error page
2. After running the script, I had to manually copy all of the files in "www (fakeAP_pwn)" to the "/var/www" folder, not (/var/www/fakeAP_pwn), because the target's PC kept returning a blank white page "It Works!", which is the index.html file in "/var/www". Don't know where it came from but I deleted it.
weird because I never had to copy the files into this DIR like this...
PS to everyone - NEVER TEST THIS ON YOURSELF ON VMWARE, it will not work or you will run into slight problems.
I've tested both 109 and 112 - I didn't get a problem when I tried normal mode (or any mode for that matter!)
Does the target get an IP? Can it ping google? Does it get the correct DNS? Can it ping the AP? How close/far away are you? Could you post the output from -d? Running in VM? Using airbase-ng?
I've added in your fix about rtl8187 and mon0. Thanks for the hint (=
Also I'm hoping that the checks will work with 'wlan*' instead of 'mon*'
That message, "It Works!", is the default one when you just run Apache WITHOUT fakeAP_pwn conf file.
fakeAP_pwn creates a conf when you run it, that gives more 'features', one being it changes the folder it uses from /var/www to $www.
After fakeAP_pwn stops running, it disables and deletes the conf file, restoring it back to how it was.
Yes, running either the attacker or target in a virtual machine CAN (not always and not every time) cause problems (just like it says in the 'Troubleshooting/Help' bit). (=
new version gives me:
Code:
[i] Configuring: Chaning monitorInterface to: SIOCSIFMTU: No such device
[!] The monitor interface mon0, isn't correct.
[i] *** BREAK ***
Hi, I got the same thing - if you have 2 r8187L based wifi cards you can fix it by:
nano fakeAP_pwn.sh
change mon0 to wlan1 and save - I had a look at the code and it's removing the rtl8187 drivers and replacing them with r8187 automatically, so there is no "mon0" being created.
Might want to issue rmmod r8187 & modprobe rtl8187 after the script runs, or just insert that code near the end to complete the cleanup (the mac80211 autoloads with the rtl8187 so no need to modprobe it).
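The "SIOCSIFMTU: No such device" break above happens because the script assumes an interface name (mon0) that the r8187 driver never creates. As an added example (not code from fakeAP_pwn), the check below validates an interface name against sysfs before anything is configured on it, and falls back to any other wireless interface; the sysfs root is a parameter so it can be exercised against a constructed directory tree:

```shell
#!/bin/sh
# Added example, not part of fakeAP_pwn: check that an interface really
# exists before changing its MTU, instead of failing later with
# "SIOCSIFMTU: No such device". On Linux, /sys/class/net/<iface>/wireless
# exists only for wireless interfaces. The sysfs root argument is optional
# and exists so the functions can be tested against a constructed tree.

# Print the names of wireless interfaces under the given sysfs net root.
list_wireless_ifaces() {
    sysfs_net="${1:-/sys/class/net}"
    for d in "$sysfs_net"/*; do
        [ -d "$d/wireless" ] && basename "$d"
    done
    return 0
}

# Return 0 if the named interface exists under the sysfs net root.
iface_exists() {
    [ -d "${2:-/sys/class/net}/$1" ]
}

# Resolve the interface to configure: the requested name if it exists,
# otherwise the first wireless interface other than the uplink (IP) card.
# Prints the chosen name; returns 1 with a message if nothing fits.
pick_monitor_iface() {
    wanted="$1"; uplink="$2"; sysfs_net="${3:-/sys/class/net}"
    if iface_exists "$wanted" "$sysfs_net"; then
        echo "$wanted"; return 0
    fi
    for i in $(list_wireless_ifaces "$sysfs_net"); do
        [ "$i" != "$uplink" ] && { echo "$i"; return 0; }
    done
    echo "[!] No usable wireless interface (wanted '$wanted')" >&2
    return 1
}
```

Calling pick_monitor_iface "mon0" "wlan0" on a box with the r8187 driver would return wlan1, which is the manual edit described above.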
Might have a bug with meterpreter while running "true" for extras.
VNC WKV and my own encoded payload worked perfectly with the script until I put the extras value to true.
(it sends the stage then gives a sessions ID then stalls forever)
test comp gives up to 3 popups for the download and starts 2 sessions
I was still able to get a meterpreter session on the side with a different port while the fake AP was connected to my test computer, so it's not the connection or meterpreter.
Did I miss if there was WEP support for airbase? Didn't see it in the script anywhere. I'm afraid to continue with hostapd.
Ver 112
using ath9k
eth0 to an AP without internet access (changed ping google.com to 192.168.1.1 to get around the check by your script)
These are the only alterations to your script.
Hope this is helpful. Ver 109 works for my purposes but I will keep trying the new versions.
What a fun project!!!